by dochtman 4513 days ago
This isn't really accurate.

The problem with Firefox's current/old sync model is recovery. I.e., users think they're getting their stuff (history, passwords, etc) backed up, but when they lose their device, their data is gone forever, because almost none of them will have bothered to write down the long random string that functioned as their sync key. Also, the pairing was relatively hard to use for "normal" users.

In the newer Firefox Accounts model, yes, Mozilla will use a username/password model for users. However, the password is never sent to Mozilla in the clear, and data is still encrypted with a password-derived key before being sent to Mozilla. However, users can still recover their data because they know (something that can be used to generate) the key used to encrypt their data.

See here for more details: https://github.com/mozilla/fxa-auth-server/wiki/onepw-protoc...

I do think Mozilla would have promoted Sync more if it didn't have the recovery/UX issues I mentioned, so in that sense it might be a response to Google's model, but Mozilla's model still has a very well thought-out privacy strategy.

For those who actually liked the previous random key model + pairing, I think they might reinstate that as an option within the newer protocol/implementation at some point.

3 comments
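To make the model described in the comment above concrete (and the later point that the only real difference between the two schemes is where the key comes from), here is an added Python sketch. It is not Mozilla's code and not the onepw protocol itself; the label strings, the server layout and the toy XOR cipher are constructed stand-ins. It shows the shape of the design: the password is stretched with PBKDF2 and split into an auth secret (sent to the server, which stores only a verifier) and an unwrap secret (never leaves the device), the sync data is encrypted locally, and a brand-new device can recover everything from the password alone. The `iterations` argument is the knob that the KDF-strength concern raised further down the thread is about.

```python
import hashlib
import hmac
import os

# Domain-separation labels. CONSTRUCTED for this example; not Mozilla's real info strings.
STRETCH_LABEL = b"example.org/sync-demo/quickStretch:"
AUTH_LABEL = b"example.org/sync-demo/authPW"
UNWRAP_LABEL = b"example.org/sync-demo/unwrapKey"
STREAM_LABEL = b"example.org/sync-demo/keystream:"
NONCE_LEN = 16


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256, used to split one secret into several."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_from_password(email: str, password: str, iterations: int = 1000) -> tuple[bytes, bytes]:
    """Stretch the password with PBKDF2, then split the result into two unrelated secrets.

    auth_pw is what the client sends to log in; the server keeps only a verifier for it.
    unwrap never leaves the device; it unwraps the real sync key. Both are recomputable
    from (email, password) alone, which is what makes recovery on a new device work.
    """
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), STRETCH_LABEL + email.encode(), iterations)
    return hkdf_expand(stretched, AUTH_LABEL, 32), hkdf_expand(stretched, UNWRAP_LABEL, 32)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher (HKDF keystream XOR data); stand-in for a real AEAD such as AES-GCM."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_bytes(plaintext, hkdf_expand(key, STREAM_LABEL + nonce, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(body, hkdf_expand(key, STREAM_LABEL + nonce, len(body)))


class DemoServer:
    """Everything the service ever sees: a login verifier, a wrapped key and ciphertext."""

    def __init__(self) -> None:
        self.accounts: dict[str, dict[str, bytes]] = {}

    def register(self, email: str, auth_pw: bytes, wrapped_kb: bytes, blob: bytes) -> None:
        salt = os.urandom(16)
        # Hash auth_pw again server-side so a database dump is not directly a login credential.
        verifier = hashlib.pbkdf2_hmac("sha256", auth_pw, salt, 1000)
        self.accounts[email] = {"salt": salt, "verifier": verifier,
                                "wrapped_kb": wrapped_kb, "blob": blob}

    def fetch(self, email: str, auth_pw: bytes) -> tuple[bytes, bytes]:
        acct = self.accounts[email]
        candidate = hashlib.pbkdf2_hmac("sha256", auth_pw, acct["salt"], 1000)
        if not hmac.compare_digest(candidate, acct["verifier"]):
            raise PermissionError("bad credentials")
        return acct["wrapped_kb"], acct["blob"]


def first_device_setup(server: DemoServer, email: str, password: str, secret: bytes):
    """Create the account and upload encrypted data; returns kb and unwrap for inspection."""
    auth_pw, unwrap = derive_from_password(email, password)
    kb = os.urandom(32)  # the real data key: random per account, stored only wrapped
    server.register(email, auth_pw, xor_bytes(kb, unwrap), encrypt(kb, secret))
    return kb, unwrap


def new_device_recovers(server: DemoServer, email: str, password: str) -> bytes:
    """A fresh device with nothing but the password gets the data back; no pairing needed."""
    auth_pw, unwrap = derive_from_password(email, password)
    wrapped_kb, blob = server.fetch(email, auth_pw)
    return decrypt(xor_bytes(wrapped_kb, unwrap), blob)


def login_rejected(server: DemoServer, email: str, password: str) -> bool:
    try:
        new_device_recovers(server, email, password)
        return False
    except PermissionError:
        return True


def demo() -> dict:
    server = DemoServer()
    email, password = "alice@example.org", "correct horse battery staple"  # constructed
    secret = b"saved login: example.com / hunter2"  # constructed sample sync data
    kb, unwrap = first_device_setup(server, email, password, secret)
    stored = b"".join(server.accounts[email].values())  # all bytes the server holds
    return {
        "recovered": new_device_recovers(server, email, password),
        "server_holds_password": password.encode() in stored,
        "server_holds_kb": kb in stored,
        "server_holds_unwrap": unwrap in stored,
        "wrong_password_rejected": login_rejected(server, email, "not the password"),
    }


if __name__ == "__main__":
    print(demo())
```

The contrast with the old scheme is the single line `kb = os.urandom(32)`: there, nothing wrapped that key for upload, so losing the device that held it meant losing the data. Here the same random key is uploaded wrapped under a password-derived secret, which is what makes both recovery and the "derived from a password, so the KDF now matters" trade-off possible.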

I really hate that this new model requires trust, whereas the old one did not. Even if I trust Mozilla not to peek, I have to accept that all my data, including all my passwords, now become subpoenable.

I get that the old model is too complicated for most people, but I really like it and am able to handle it just fine. I don't want to trust the NSA, damnit.

This is incorrect. Both in the new scheme and the old, sensitive data is encrypted. In the old scheme, this key was randomly generated, while in the new, it is derived from a password. Either way, you do not need to trust Mozilla.

The main security concern (as far as I can tell, and I'm far from an expert) seems to be that the KDF used in the new protocol is not as strong as the one used in the current Sync protocol.

You should read the link posted in the post you replied to, especially the security analysis. It is quite readable and might allay some of your fears.

Can you still host your own easily under the new model? That aspect of Firefox Sync was already deemphasized before, and that this is lost is what I fear the most with such changes.

My data silo is a box 80cm to my right. No need to start a new one at Mozilla Inc/Org.

All the software for running a server is open source, I think, so in that sense it should be possible. Whether there will still be enough prefs such that you can get Firefox to sync against a different host, I'm not sure, but it seems likely that that will be possible.
> ut when they lose their device, their data is gone forever, because almost none of them will have bothered to write down the long random string that functioned as their sync key. Al

This hasn't been true in my experience. I can initiate a sync from any previously synced device, so as long as I have one sync'd device available I can still get my data back.

Lucky you, having lots of devices.